diff --git a/makefu/0tests/data/secrets/syncthing.cert b/makefu/0tests/data/secrets/syncthing.cert
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/0tests/data/secrets/syncthing.key b/makefu/0tests/data/secrets/syncthing.key
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/0tests/data/secrets/tonie.env b/makefu/0tests/data/secrets/tonie.env
new file mode 100644
index 000000000..94d6c469a
--- /dev/null
+++ b/makefu/0tests/data/secrets/tonie.env
@@ -0,0 +1,2 @@
+TONIE_AUDIO_MATCH_USER=
+TONIE_AUDIO_MATCH_PASS=
diff --git a/makefu/0tests/data/secrets/wbobPassword.nix b/makefu/0tests/data/secrets/wbobPassword.nix
new file mode 100644
index 000000000..0479c0770
--- /dev/null
+++ b/makefu/0tests/data/secrets/wbobPassword.nix
@@ -0,0 +1 @@
+"$6$lol"
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index dcb3dc1d4..a9d9b661f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -51,15 +51,17 @@ in {
       # networking
       # <stockholm/makefu/2configs/vpn/vpnws/server.nix>
       #<stockholm/makefu/2configs/dnscrypt/server.nix>
-      <stockholm/makefu/2configs/iodined.nix>
+      # <stockholm/makefu/2configs/iodined.nix>
       # <stockholm/makefu/2configs/backup.nix>
       <stockholm/makefu/2configs/tinc/retiolum.nix>
       { # bonus retiolum config for connecting more hosts
         krebs.tinc.retiolum = {
-          extraConfig = ''
+          extraConfig = lib.mkForce ''
             ListenAddress = ${external-ip} 53
             ListenAddress = ${external-ip} 655
             ListenAddress = ${external-ip} 21031
+            StrictSubnets = yes
+            LocalDiscovery = no
           '';
           connectTo = [
             "prism" "ni" "enklave" "eve" "dishfire"
@@ -112,6 +114,7 @@ in {
       #<stockholm/makefu/2configs/retroshare.nix>
       ## <stockholm/makefu/2configs/ipfs.nix>
       #<stockholm/makefu/2configs/syncthing.nix>
+      <stockholm/makefu/2configs/sync>
       # <stockholm/makefu/2configs/opentracker.nix>
 
 
@@ -122,7 +125,6 @@ in {
       { makefu.backup.server.repo = "/var/backup/borg"; }
       <stockholm/makefu/2configs/backup/server.nix>
       <stockholm/makefu/2configs/backup/state.nix>
-      <stockholm/makefu/2configs/iodined.nix>
       <stockholm/makefu/2configs/bitlbee.nix>
       <stockholm/makefu/2configs/wireguard/server.nix>
       <stockholm/makefu/2configs/wireguard/wiregrill.nix>
@@ -160,7 +162,7 @@ in {
       # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
 
       # <stockholm/makefu/2configs/shiori.nix>
-      # <stockholm/makefu/2configs/workadventure>
+      #<stockholm/makefu/2configs/workadventure>
 
       <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
       <stockholm/makefu/2configs/bgt/hidden_service.nix>
diff --git a/makefu/2configs/sync/default.nix b/makefu/2configs/sync/default.nix
new file mode 100644
index 000000000..6928daf87
--- /dev/null
+++ b/makefu/2configs/sync/default.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+  mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
+
+  all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+  used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders));
+  used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
+in {
+  services.syncthing = {
+    enable = true;
+    configDir = "/var/lib/syncthing";
+    devices = mk_peers used_peers;
+    key = toString <secrets/syncthing.key>;
+    cert = toString <secrets/syncthing.cert>;
+  };
+  services.syncthing.folders.the_playlist = {
+    path = "/home/lass/tmp/the_playlist";
+    devices = [ "mors" "prism" ];
+  };
+
+
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
+}